Home | History | Annotate | Download | only in brillo 
      1 // Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef LIBBRILLO_BRILLO_SECURE_BLOB_H_
      6 #define LIBBRILLO_BRILLO_SECURE_BLOB_H_
      7 
      8 #include <initializer_list>
      9 #include <string>
     10 #include <vector>
     11 
     12 #include <brillo/asan.h>
     13 #include <brillo/brillo_export.h>
     14 
     15 namespace brillo {
     16 
     17 using Blob = std::vector<uint8_t>;
     18 
     19 // Conversion of Blob to/from std::string, where the string holds raw byte
     20 // contents.
     21 BRILLO_EXPORT std::string BlobToString(const Blob& blob);
     22 BRILLO_EXPORT Blob BlobFromString(const std::string& bytes);
     23 
     24 // Returns a concatenation of given Blobs.
     25 BRILLO_EXPORT Blob CombineBlobs(const std::initializer_list<Blob>& blobs);
     26 
     27 // SecureBlob erases the contents on destruction.  It does not guarantee erasure
     28 // on resize, assign, etc.
     29 class BRILLO_EXPORT SecureBlob : public Blob {
     30  public:
     31   SecureBlob() = default;
     32   using Blob::vector;  // Inherit standard constructors from vector.
     33   explicit SecureBlob(const Blob& blob);
     34   explicit SecureBlob(const std::string& data);
     35   ~SecureBlob();
     36 
     37   void resize(size_type count);
     38   void resize(size_type count, const value_type& value);
     39   void clear();
     40 
     41   std::string to_string() const;
     42   char* char_data() { return reinterpret_cast<char*>(data()); }
     43   const char* char_data() const {
     44     return reinterpret_cast<const char*>(data());
     45   }
     46   static SecureBlob Combine(const SecureBlob& blob1, const SecureBlob& blob2);
     47   static bool HexStringToSecureBlob(const std::string& input,
     48                                     SecureBlob* output);
     49 };
     50 
     51 // Secure memset(). This function is guaranteed to fill in the whole buffer
     52 // and is not subject to compiler optimization as allowed by Sub-clause 5.1.2.3
     53 // of C Standard [ISO/IEC 9899:2011] which states:
     54 // In the abstract machine, all expressions are evaluated as specified by the
     55 // semantics. An actual implementation need not evaluate part of an expression
     56 // if it can deduce that its value is not used and that no needed side effects
     57 // are produced (including any caused by calling a function or accessing
     58 // a volatile object).
     59 // While memset() can be optimized out in certain situations (since most
     60 // compilers implement this function as intrinsic and know of its side effects),
     61 // this function will not be optimized out.
     62 //
     63 // SecureMemset is used to write beyond the size() in several functions.
     64 // Since this is intentional, disable address sanitizer from analying it.
     65 BRILLO_EXPORT BRILLO_DISABLE_ASAN void* SecureMemset(void* v, int c, size_t n);
     66 
     67 // Compare [n] bytes starting at [s1] with [s2] and return 0 if they match,
     68 // 1 if they don't. Time taken to perform the comparison is only dependent on
     69 // [n] and not on the relationship of the match between [s1] and [s2].
     70 BRILLO_EXPORT int SecureMemcmp(const void* s1, const void* s2, size_t n);
     71 
     72 }  // namespace brillo
     73 
     74 #endif  // LIBBRILLO_BRILLO_SECURE_BLOB_H_
     75